SSL Performance Problems

Transcription

1 ANALYST BRIEF SSL Performance Problems SIGNIFICANT SSL PERFORMANCE LOSS LEAVES MUCH ROOM FOR IMPROVEMENT Author John W. Pirc Overview In early 2013, NSS Labs released the results of its Next Generation Firewall Comparative Analysis Reports (NGFW CARs). As part of the analysis, NSS assessed the performance of client- side secure sockets layer (SSL) decryption in seven of the eight NGFWs that were included in that voluntary group test. The resulting impacts on performance of SSL decryption when included as a feature within the NGFW, or when offloaded to a separate SSL appliance, were significant. NSS research showed that 25% 35% of enterprise traffic is SSL and, depending on the industry vertical, the percentage of SSL traffic can reach as high as 70%. NSS research also found that 2048b ciphers caused a mean average of 81% in performance loss across all vendors tested. Certificate authorities are intending to cease issue of 1024 bit ciphers and will move to 2048 bit ciphers by December 31, Although the performance numbers are cause for concern, the presence of malware within encrypted channels is a real, albeit relatively small, threat in enterprise environments that warrants decryption and scanning as a best practice. Figure 1 displays the aggregated results from the vendor tests. Figure 1 SSL Performance Impacts on Bandwidth and Transaction per Second Loss

2 NSS Labs Findings The average proportion of SSL traffic within a typical enterprise is 25% 35%. The NSS threat database 1 has uncovered a small percentage (~1%) of malware using SSL. NSS research indicates that the majority of threats that are using SSL as a transport fall under the targeted persistent attack (TPA) category. The mean average of performance loss across 7 NGFW s: ~74% with 512b and 1024b ciphers ~81% with 2048b ciphers. The mean average of transactions per second (TPS) loss across 7 NGFW s: ~86.80% with a 512b cipher ~87.79% with a 1024 cipher ~92.28% with a 2048 cipher The Sourcefire NGFW had the highest rated TPS performance. However, Sourcefire was the only vendor that used a dedicated SSL appliance. The Dell SonicWALL SuperMassive E10800 NGFW had the highest rated TPS performance with onboard SSL decryption. Juniper was rated the best with regards to performance loss and reduction in TPS. All vendors had significant performance issues and TPS loss with 2048b ciphers. NSS has concerns for the viability of SSL inspection in enterprise networks without the use of dedicated SSL decryption devices. 1 Our database is a collection of malware samples that are collected in real- time from around the world. 2

3 NSS Labs Recommendations Enterprises are advised to review the performance ratings of SSL, in order to decide which platform meets their performance requirements. Additionally, NSS recommends that a platform be tested before a purchasing decision is made. Enterprises should measure the SSL traffic in their current network environment in order to allow for future capacity planning. An average yearly increase of ~20% in SSL traffic should be expected. 2 Consideration should only be given to products that support the creation of rules for bypassing SSL decryption based on URL categories, such as healthcare, banking, and mobile apps that contain sensitive and personal information. Depending on an organization s network traffic, this could substantially reduce performance loss and assist with an organization s compliance with national privacy laws. Enterprises should seek to offset the SSL risk by deploying endpoint security solutions and breach detection solutions that are behavior- based, and that are able to detect command and control (C&C) and malware callbacks via SSL. Enterprises should educate users about the dangers of accepting a self- signed and non- valid certificate, in the same way they would educate about SPAM and phishing

4 Table of Contents Overview... 1 NSS Labs Findings... 2 NSS Labs Recommendations... 3 Analysis... 5 SSL and the Enterprise... 5 SSL and the Adversary NGFW SSL Performance CAR... 7 Vendor Performance Numbers... 9 Check Point Dell SonicWALL SuperMassive E Fortinet Fortigate- 3600C Juniper SRX Palo Alto Networks PA Sourcefire 8250 & Sourcefire Stonesoft Reading List Contact Information Table Of Figures Figure 1 SSL Performance Impacts on Bandwidth and Transaction per Second Loss... 1 Figure 2 Key Strength Distribution... 6 Figure 3 Decryption Times of Ciphers on 2GHz Pentium... 6 Figure 4 SSL Performance Impacts on Bandwidth... 8 Figure 5 SSL Transaction per Second Loss... 8 Figure 6 Check Point Figure 7 Dell SonicWALL SuperMassive E Figure 8 Fortinet Fortigate- 3600C Figure 9 Juniper SRX Figure 10 Palo Alto Networks PA Figure 11 Sourcefire Figure 12 Sourcefire Figure 13 Stonesoft

5 Analysis During a recent analysis of NGFWs, NSS verified the performance impacts of client- side SSL inspection, and the results showed considerable room for improvement. This raises concerns for the viability of SSL inspection in enterprise networks without the use of dedicated SSL decryption devices. NSS research has found that the use of HTTPS has risen significantly over the past few years; web browser- based applications such as Facebook and Twitter, 3 and search engines such as Google are enabling SSL by default as a result of privacy and security concerns. Additionally, users increasingly have the ability to install browser add- ons that can force the use of HTTPS within popular web browsers such as Safari, Chrome, Internet Explorer and Firefox. These extensions force the browser to only access HTTPS first. It is the ultimate irony that the increasing use of SSL in an attempt to make our on- line lives more secure actually reduces security on the corporate network by creating blind spots for corporate security infrastructures. HTTPS has been used for secure web communications on the Internet for almost two decades, but it is only recently that network security vendors have begun including HTTPS as a feature. This is in response to client requirements regarding regulatory compliance, search engines and web/mobile applications that are utilizing SSL by default and, most importantly, in response to malware that is using SSL as a transport to evade network detection devices. SSL and the Enterprise NSS research on the use of HTTPS reveals that within any given enterprise the current percentage of outbound network traffic that is SSL/TLS encrypted is about 25% 35%. Performance issues relating to SSL can be attributed to several factors, but the most significant is the length of the certificate key. The larger the key, the more computing power is required to decrypt it. Trustworthyinternet.org has a global dashboard known as SSL Pulse that extracts close to 200,000 well known SSL websites from Alexa, 4 a company which provides analytics on ~1.5 million websites. The most recent report from SSL Pulse shows that out of 172,537 SSL websites surveyed, 91.1% were using 2048 bit ciphers 5. This information, when viewed alongside the significant declines in performance and transaction rates that were observed during testing, questions the wisdom of enabling SSL. 3 adds- ssl- security/ pulse/ 5

6 Figure 2 Key Strength Distribution Performing HTTPS decryption inline on a NGFW device, or on any security device that is performing deep packet inspection is a significant undertaking. Figure 3 shows the performance impacts (in milliseconds) that the various ciphers have on a 2GHz Pentium processor. Figure 3 Decryption Times of Ciphers on 2GHz Pentium 6 NSS predicts that the default ciphers will increase in length, which will require more computing power. The standard default cipher that is acceptable today is 1024b and, according to NIST Special Publication 800-5, the 6 6

7 standard default cipher of 2048b will be required by December 31, Anything below 2048b should be transitioned to the new standard. 7 NSS testing results indicate that this will be an issue for most network security vendors. SSL and the Adversary Many attack vectors may be used to compromise an asset, and blind spots within an infrastructure help attackers to evade detection. The following methods may be used: Drive- by malware sites using HTTPS C&C s that communicate via SSL Malware with SSL callbacks Recent research on the NSS threat database found that while it is only a small percentage (~1%) of malware that is using SSL, this malware is highly sophisticated. These methods of attack pose real risks to an organization s infrastructure. Additionally, network security devices that lack the ability to inspect SSL traffic allow attackers to remain undetected by network monitoring. Some of the attack methods listed above would require the end user to accept a SSL certificate. It can certainly be argued that sophisticated users will not click and accept a SSL certificate, and that seasoned security professionals will not accept either a self- signed certificate or one that is accompanied by a warning banner stating that the web browser can not verify the identity of a website. However, most users will not realize the real risk and will click and accept. To illustrate this point, a recent infographic 8 on Get Cyber Safe, a web site dedicated to educating users on Internet security, showed that 16 million s per day pass undetected through spam filters, 8 million of these are opened, and more than 800,000 users will click on the malicious links contained within these s NGFW SSL Performance CAR Earlier this year, NSS released a NGFW comparative analysis report that detailed the results of SSL performance testing of Check Point, Dell SonicWALL, Fortinet, Juniper, Palo Alto Networks, SourceFire and Stonesoft. The following analysis examines the vendor s ability to intercept, decrypt, process, and re- encrypt HTTPS traffic at network loads of varying size and varying connections per second, with SSL inspection enabled. Through the creation of genuine, session- based HTTPS traffic with varying session lengths, the vendor is forced to track valid TCP sessions, thus ensuring a higher workload than for simple packet- based background traffic. This provides a test environment that is as close to real world as it is possible to achieve in a lab environment, while still ensuring accuracy and repeatability. 7 management_dec2009.pdf eng.aspx eng.aspx 7

8 Each transaction consists of a SSL handshake followed by a single HTTP(S) GET request, and there are no transaction delays (the Web server responds immediately to all requests). All packets contain valid payload (a mix of binary and ASCII objects) and address data, and the test represents a live network (albeit one that is biased towards HTTPS traffic) at various network loads. Figure 4 and Figure 5 provide a consolidated view of the vendor results. Figure 4 SSL Performance Impacts on Bandwidth Figure 5 SSL Transaction per Second Loss 8

9 Vendor Performance Numbers Check Point The Check Point NGFW is currently performance rated at 5Gbps by Check Point. During SSL performance testing, the actual performance was rated at 4.22Gbps. It was also noted that the TPS versus the megabits per second (Mbps) remained relatively consistent with the 512b and 1024b ciphers. NSS anticipated a linear drop in performance and TPS as the ciphers doubled in size, but this was not the case. The 2048b cipher caused a decrease in TPS of 300, but performance was maintained at 550 Mbps. This is an 87 percent reduction from the vendor advertised performance. Dell SonicWALL SuperMassive E10800 Figure 6 Check Point The Dell SonicWALL SuperMassive E10800 NGFW is currently performance rated by the vendor at 12Gbps. During NSS testing, the actual performance was rated at 16.6Gbps. There was an expected linear reduction in TPS versus Mbps. The performance decrease between 512b and 1024b was marginal, but there was a significant performance loss at 2048b. Impact on performance for tested ciphers: 84% w/512b 85% w/1024b 94% w/2048b Figure 7 Dell SonicWALL SuperMassive E

10 Fortinet Fortigate- 3600C The Fortinet Fortigate- 3600C NGFW is currently performance rated by the vendor at 60Gbps. During NSS testing, the actual performance was rated at 7,580Mbps. The expectation of a linear drop in TPS versus Mbps was constant as the cipher strengths increased. The performance decreases across all ciphers were marginal, but the overall performance impact was the greatest across all vendors. Impact on performance for tested ciphers: % w/512b % w/1024b % w/2048b Juniper SRX3600 Figure 8 Fortinet Fortigate- 3600C The Juniper SRX3600 NGFW is currently performance rated by the vendor at 11Gbps. During NSS testing, the actual performance was rated at 3.3Gbps. Juniper performed the best out of all the vendors with the lowest performance degradation. Additionally, Juniper demonstrated the highest throughput with 1024b and 2048b ciphers with onboard SSL. The TPS versus Mbps did not follow the anticipated linear reduction that was common with other products. Impact on performance for tested ciphers: 34% w/512b 13% w/1024b 36% w/2048b Figure 9 Juniper SRX

11 Palo Alto Networks PA The Palo Alto Networks PA NGFW is currently performance rated by the vendor at 2Gbps. During NSS testing, the actual performance was rated at 2.3Gbps. The TPS versus Mbps followed a linear reduction with marginal performance degradation between 1024b and 2048b ciphers. Impact on performance for tested ciphers: 66% w/512b 78% w/1024b 79% w/2048b Sourcefire 8250 & Sourcefire 8290 Figure 10 Palo Alto Networks PA The Sourcefire 8250 NGFW is currently performance rated by the vendor at 10Gbps. During NSS testing, the actual performance was rated at 12.9Gbps. The Sourcefire 8250 was the only vendor that utilized a dedicated SSL appliance during testing. The TPS achieved were the highest of all the devices tested. Impact on performance for tested ciphers: 77.13% w/512b 77.52% w/1024b 82.95% w/2048b Figure 11 Sourcefire

12 The Sourcefire 8290 NGFW is currently performance rated by the vendor at 40Gbps. During NSS testing, the actual performance was rated at 52.3Gbps. The TPS and Mbps remained the same as the This is not a reflection of the performance capabilities of the 8250 and 8290, but rather of the processing limitation of the dedicated SSL appliance. Impact on performance for tested ciphers: % w/512b % w/1024b % w/2048b Stonesoft 3202 Figure 12 Sourcefire 8290 The Stonesoft 3202 NGFW is currently performance rated by the vendor at 3Gbps. During NSS testing, the actual performance was rated at 2.7Gbps. The TPS and the Mbps followed the predictive linear reduction as the cipher strength increased. Impact on performance for tested ciphers: 54% w/512b 60% w/1024b 76% w/2048b Figure 13 Stonesoft

13 Reading List The Targeted Persistent Attack (TPA) The Misunderstood Security Threat Every Enterprise Faces. NSS Labs brief- targeted- persistent- attack- tpa- misunderstood- security- threat- every- enterprise 2013 Next Generation Firewall Comparative Analysis. NSS Labs next- generation- firewall- comparative- analysis 13

14 Contact Information NSS Labs, Inc. 206 Wild Basin Rd Building A, Suite 200 Austin, TX USA +1 (512) This analyst brief was produced as part of NSS Labs independent testing information services. Leading products were tested at no cost to the vendor, and NSS Labs received no vendor funding to produce this analyst brief NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors. Please note that access to or use of this report is conditioned on the following: 1. The information in this report is subject to change by NSS Labs without notice. 2. The information in this report is believed by NSS Labs to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at the reader s sole risk. NSS Labs is not liable or responsible for any damages, losses, or expenses arising from any error or omission in this report. 3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON- INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF. 4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet the reader s expectations, requirements, needs, or specifications, or that they will operate without interruption. 5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report. 6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners. 14